PostgreSQL 2010-03-15 Cumulative Bug-Fix Release

Posted on 2010-03-14

The PostgreSQL Project today released minor versions updating all active branches of the PostgreSQL object-relational database system, including versions 8.4.3, 8.3.10, 8.2.16, 8.1.20, 8.0.24, and 7.4.28. This release provides a workaround for some third-party SSL libraries, as well as multiple fixes for minor uptime and data integrity issues. All database administrators are urged to update your version of PostgreSQL at your next scheduled downtime.

The SSL security issue CVE-2009-3555 in some SSL libraries has caused many vendors to release security patches. To enable PostgreSQL to work with these patched versions for SSL database connections, we have added the new parameter "ssl_renegotiation_limit" to control how often the database server will renegotiate session keys.

There are 47 other bug fixes in this release, many of which apply only to version 8.4. These are generally fixes for minor issues and combinational errors, including:

Fix potential deadlock during startup

Remove several possible rare crash conditions

Fix several minor data-loss issues with GIN and GiST indexes

Close two corner-case memory leaks

Update time zone data for 6 regions

See the release notes for a full list of changes with details. The PostgreSQL Global Development Group thanks all of our users whose bug reports over the last 3 months enabled us to find and fix these issues.

As with other minor releases, users are not required to dump and reload their database in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users skipping more than one update may need to check the release notes for extra, post-update steps.